Author Topic: Wrongly blocking website  (Read 2363 times)


max275

  • Guest
Wrongly blocking website
« on: November 24, 2011, 03:54:33 PM »
For some reason Avast is blocking the website www.batcave.stopklatka.pl (problem: HTML:Script-inf). But according to other antivirus products the site is safe.

Sucuri SiteCheck says: clean

Browserdefender says there is no malware here
http://www.browserdefender.com/site/www.batcave.stopklatka.pl/


When I check the site with urlvoid, only Avast says there is HTML:Script-inf
http://vscan.urlvoid.com/analysis/d5a31aefe937bddaff63be749829ac6f/YmF0Y2F2ZS1zdG9wa2xhdGthLXBs/

I didn't find anything suspicious in the site code.

Offline Sirmer

  • Avast team
  • Sr. Member
  • *
  • Posts: 324
Re: Wrongly blocking website
« Reply #1 on: November 24, 2011, 04:15:47 PM »
Hello,
The reason why we blocked this site was batcave.stopklatka.pl/1.pac (Banker). This file doesn't exist anymore and this site will be removed from our block list.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Wrongly blocking website
« Reply #2 on: November 24, 2011, 04:27:13 PM »
Hi max275,

This could be at the root of the following Wordpress issue:
www.batcave.stopklatka.pl/wordpress/wp-includes/js/thickbox/thickbox.js?ver=3.1-20110528 suspicious
[suspicious:2] (ipaddr:87.98.235.107) (script) -www.batcave.stopklatka.pl/wordpress/wp-includes/js/thickbox/thickbox.js?ver=3.1-20110528
     status: (referer=-www.batcave.stopklatka.pl/)saved 12447 bytes d0f5711524217420df59a96d18f8dd9339dd7087
     info: [img] -www.batcave.stopklatka.pl/wordpress/wp-includes/js/thickbox/
     info: [iframe] -www.batcave.stopklatka.pl/wordpress/wp-includes/js/thickbox/
     info: [decodingLevel=0] found JavaScript
     error: undefined variable thickboxL10n
     error: undefined variable jQuery
     error: undefined function jQuery
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
Requested object could be infected with  Trojan-Downloader.JS.Iframe.bxv
It has to be seen that this is a generic detection for this. Anyway, I see "Incognito exploit kit v2.0 HTTP GET request" detected there in a recent site scan. Phishing goin' on; see the recent report for AS16276 OVH Systems for your site and others in this scan report from urlQuery:
http://urlquery.net/report.php?id=9578
Well, avast's Sirmer reported the request is going nowhere now, but update and cleanse the hole to be exploited so as not to be reinfected again.

Regards,

polonus
« Last Edit: November 24, 2011, 04:42:27 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!